blackmoon | 44e9bc74393f799d862141e41c87f6e83a27d66108a93998ead04c0bd21d0916 | Triage

Submit
Reports

Overview

overview

Static

static

2025-04-21...er.exe

windows10-2004-x64

2025-04-21...er.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-21_46e8bd935752ea7e517e1e494b44ec94_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader
Size

9.4MB
Sample

250421-2fa8bawyes
MD5

46e8bd935752ea7e517e1e494b44ec94
SHA1

c58a29bde28c9270ec75878cdefdc8adb0578300
SHA256

44e9bc74393f799d862141e41c87f6e83a27d66108a93998ead04c0bd21d0916
SHA512

f3ee6cd2a85e703978384525552472aadb798ab16b4f2c9522fe94a474d411322dbc2b1f73d1422872b474d24f9747b240a771081d90f9f0419289df75686cde
SSDEEP

98304:os0vXTBJYa5mknGzZr+HaOKSVPFtmOZ9G1rxwFB5URUSKnaSOProSCa:o3XTYQmknGzwHaOtVPHd9swFBubKL

Score

10^/10

blackmoon mimikatz banker discovery trojan

Static task

static1

blackmoon mimikatz

6 signatures

Behavioral task

behavioral1

Sample

2025-04-21_46e8bd935752ea7e517e1e494b44ec94_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader.exe

Resource

win10v2004-20250410-en

blackmoon mimikatz banker discovery trojan

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-21_46e8bd935752ea7e517e1e494b44ec94_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader.exe

Resource

win11-20250410-en

blackmoon mimikatz banker discovery trojan

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-21_46e8bd935752ea7e517e1e494b44ec94_amadey_cloudeye_elex_hacktools_mimikatz_rhadamanthys_smoke-loader
- Size
  
  9.4MB
- MD5
  
  46e8bd935752ea7e517e1e494b44ec94
- SHA1
  
  c58a29bde28c9270ec75878cdefdc8adb0578300
- SHA256
  
  44e9bc74393f799d862141e41c87f6e83a27d66108a93998ead04c0bd21d0916
- SHA512
  
  f3ee6cd2a85e703978384525552472aadb798ab16b4f2c9522fe94a474d411322dbc2b1f73d1422872b474d24f9747b240a771081d90f9f0419289df75686cde
- SSDEEP
  
  98304:os0vXTBJYa5mknGzZr+HaOKSVPFtmOZ9G1rxwFB5URUSKnaSOProSCa:o3XTYQmknGzwHaOtVPHd9swFBubKL
Score

10^/10

blackmoon mimikatz banker discovery trojan
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

blackmoonmimikatz

behavioral1

blackmoonmimikatzbankerdiscoverytrojan

behavioral2

blackmoonmimikatzbankerdiscoverytrojan

© 2018-2025

Terms | Privacy